TLS handshake. The application repeats the request to create a stream (see step 1), using an encrypted connection.

If necessary, the application may request to compress the stream in ZLIB format. In the XMPP protocol, compression is described as an extension of the standard protocol: XEP-0138.

Authorization. The application passes the server a Base64-encoded authorization token. The token must be formed from the user's login and the OAuth token, separating them with a zero byte, for example: test\00c4181a7c2cf4521964a72ff57a34a07.